McAfee M-1250 Deployment Guide - Page 24

McAfee® Network Security Platform 6.0

Sensor Deployment Modes



High-availability.

In in-line mode, the Sensor does become a single point of failure, so the

Sensors support complete stateful fail-over, delivering the industry's first true high-

availability IPS deployment, similar to what you’d find with firewalls. If you’re running

in-line, McAfee recommends that you deploy two Sensors redundantly for failover

protection.

Figure 6: In-line mode

In in-line mode (seen in the previous figure), the Sensor logically acts as a transparent

repeater with minimal latency for packet processing. Unlike bridges, routers, or switches,

the Sensor does not need to learn MAC addresses or keep an ARP cache or a routing

table.

When deployed in-line, you must specify whether the Sensor port is monitoring inside or

outside of the network it is protecting. For example, the Sensor shown in the figure in How

complex is your network topology? (on page 9) is monitoring links both inside and outside

the network.

Fail-open versus fail-closed

Sensor ports deployed in In-line Mode have the option of failing open or closed. Similar in

terminology to firewall operation, ports failing

open

allow traffic to continue to flow. Thus,

even if the ports fail, your Sensor does not become a bottleneck; however, monitoring

ceases which may allow bad traffic to impact systems in your network. When ports are

configured to fail

closed

, the Sensor does not allow traffic to continue to flow, thus the

failed ports become a bottleneck, stopping all traffic at the Sensor.

17

Section	Page
Preface	4
Introducing McAfee Network Security Platform	4
About this Guide	4
Audience	4
Conventions used in this guide	4
Related Documentation	5
Contacting Technical Support	7
Getting Started	8
Deciding where to deploy Sensors and in what operating mode	8
Setting up your Sensors	9
Establish Sensor-to-Manager communication	11
Viewing and working with data generated by Network Security Platform	12
Configuring your deployment using the Manager	12
Updating your signatures and software	13
Tuning your deployment	14
Planning Network Security Platform Installation	15
Pre-deployment considerations	15
What is the size of your network?	15
How many access points are there between your network and the extranets or Internet?	16
Where are the critical servers that require protection within your network?	16
How complex is your network topology?	16
How much traffic typically crosses your network?	17
Where are your security operations located?	18
Where should I deploy Sensors?	18
Sensor Deployment Modes	20
Flexible deployment options	20
Multi-port Sensor deployment	20
Supported deployment modes	20
Full-duplex and half-duplex monitoring	22
Deploying Sensors in in-line mode	22
Fail-open versus fail-closed	24
Fail-open option for GE ports	25
Fail-open option for FE ports	25
Layer 2 passthru mode	25
Deploying Sensors in tap mode	25
Deploying the Sensors with FE ports in internal tap mode	26
Deploying Sensors with GE ports in external tap mode	27
Shifting from tap mode to in-line mode	28
SPAN port and hub monitoring	28
SPAN port and hub monitoring	29
High-Availability	29
Understanding failover in Network Security Platform	30
\	31
Interface groups	31
Deployment Scenarios	33
Deployment flexibility	33
Deployment scenario for beginners	33
Deployment scenario for intermediate users	34
Deployment scenario for advanced users	34

McAfee M-1250 Deployment Guide - Page 24

Fail-open versus fail-closed, High-availability.

Page 24 highlights